The coordinated attack had managed to infect large numbers of computers less than six hours after it was first noticed by security researchers, in part due to its ability to spread within networks from PC to PC. Businesses are still dealing with the fallout from a cyberattack that hit 200,000 victims in 150 countries, with many organizations and individuals wondering if they are at risk.
Ransomware – a malicious piece of software that locks files on a computer and demands payments to unlock them – is the name of the type of virus that infected the machines. Ransomware attacks have been on the rise and this particular malware known as WannaCry was called "unprecedented" by Europol.
How does it work?
When a computer is infected, the ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn’t get paid, often with a timer attached to ramp up the pressure.
How does it spread?
Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.
Will paying the ransom really unlock the files?
Sometimes paying the ransom will work, but sometimes it won’t. For the Cryptolocker ransomware that hit a few years ago, some users reported that they really did get their data back after paying the ransom, which was typically around £300. But there’s no guarantee paying will work, because cybercriminals aren’t exactly the most trustworthy group of people.
What else can I do?Once ransomware has encrypted your files there’s not a lot you can do. If you have a backup of the files you should be able to restore them after cleaning the computer, but if not your files could be gone for good.